FTPShell Client v5.24 Buffer Overflow
Monthly Archives: December 2015
Bugtraq: Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
Bugtraq: Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang)
CVE-2015-7441
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-7489
IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.
DSA-3431 ganeti – security update
Pierre Kim discovered two vulnerabilities in the RESTful API of Ganeti,
a virtual server cluster management tool. SSL parameter negotiation
could result in denial of service and the DRBD secret could leak.
DSA-3432 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.